Can't find my 'bump in the wire'!

ok

Bump in the wire between modem and router/mesh system.

WAN set to DHCP client for data from outdoor modem Ethernet (PoE).
br-lan set to static with IP address 10.10.123.1 (for management).

Getting internet fine - mesh system doing all routing, DHCP and firewall.

When connected to the LAN of the mesh system, working fine; can log in to the modem, and log in to the mesh interface.
BUT - cannot log in to OpenWrt on 10.10.123.1.
Cannot SSH to 10.10.123.1.
If I set the PC to a static IP of, say, 10.10.123.10, with gateway 10.10.123.1, I still cannot reach OpenWrt.

I would like to make alterations to the SQM details, but at the moment it looks like I will have to reset completely?

Many Thanks

Riccy

Try the failsafe mode? It'll at least let you gain access temporarily without wiping your config.

Hi

thanks for the reply

Unfortunately it's an x86 unit (Intel NUC), so no failsafe.

Cheers

How about a keyboard and monitor? You can then see what the device is doing and what addresses it holds, etc.


Hi

Thanks very much for the reply - much appreciated.
Sorry for the late reply. TBH, I have spent the last week pulling my hair out trying to configure a bump in the wire between my 5G router (in modem mode) and my mesh system.
I only want OpenWrt for cake SQM (autorate for mobile broadband).
I am getting very confused with all this and would really appreciate some experienced advice.

Thanks again

Riccy

If your goal is for the bump in the wire to be entirely transparent, I've been of the opinion that this is not really possible. However, it is possible I'm wrong.

I have never implemented a transparent bump-in-the-wire, so there may be methods by which it can legitimately work that I am not aware of.

That said, I was commenting mainly that you should be able to find out what is happening in terms of addresses and such by connecting a keyboard and display.

The method you could use would be to create a Linux bridge with two Ethernet ports on it, and put a cake qdisc on each Ethernet. This should be "transparent". But also with a managed switch you could do this with VLANs and have a proper management IP on a separate VLAN.

Hi
Thanks very much for the reply.
The problem I am finding is the multitude of misleading info about how to configure a transparent bridge aka bump in the wire.
I get so far, and then hit a problem, whose solution is usually hidden deep in a forum reply somewhere.
Sadly, this then hits a problem. Etc etc.
I hoped this would be easier than this:-)
I mistakenly thought using OpenWrt as an SQM bridge between a modem and router would be a common thing, but maybe not.
Ah well, given this two weeks, will try one more week.

Thanks again

Riccy

Does your device have a built-in switch with multiple ports?

If so, reset completely, plug into the first port by Ethernet, make port 1 be a VLAN like eth0.1 and add it to br-lan, make port 2 be a separate VLAN and port 3 be another separate VLAN.

Create a new network interface for br-bump, and add ports 2 and 3 to the bridge. Place SQM instances on ports 2 and 3: port 2 egress speed for download speeds and port 3 egress for upload speeds.

Now, plug your ISP into port 3 and your commercial router into port 2.

Whenever you need to administer the OpenWrt, plug into port 1.

Hi Daniel

Thanks for the reply - much appreciated.

My OpenWrt device is an Intel NUC with one port and a Realtek 8153 USB to Ethernet adapter for another.
It sits between a 5G outdoor router in IP passthrough mode, and a Deco mesh system.
br-lan contains the WAN (eth1) and LAN (eth0) and has a static IP with DHCP disabled.
The mesh system this connects to has IP 192.168.68.1, so the OpenWrt LAN static IP is set to 192.168.68.2.
On the WAN side, I get conflicting suggestions.
Either

  1. delete the wan interface, but connect its device (eth1) to the bridge.
  2. keep the wan interface, select it as DHCP to accept passthrough from the modem, and still add eth1 to the bridge.

Will try 1) today, but can't see how the port will accept IP passthrough from the 5G router/modem without being configured as a DHCP client.
Anyway, using method 2 does seem to get me passthrough to the mesh system, but I cannot for the life of me get to OpenWrt via its static address from a port on the main router.
This is even after discovering that assigning the static IP on OpenWrt should be done using the CLI, as using LuCI can be very buggy.

Cheers

You can implement my suggestion by buying a cheap managed switch with VLANs (TP-Link SG-108E is dirt cheap in the US, like $25). A nice solution would be to bond both NICs, but I don't think bonding is easily supported in uci or LuCI, so you can just connect the USB NIC to your ISP, and the other NIC to the managed switch, say port 1. Make port 1 on the switch tagged for VLAN 1 and 2. Attach eth0.1 to br-lan and attach eth0.2 and the USB NIC to br-bump.

Then attach port 2 of your switch to VLAN 2 untagged, and attach your commercial router to this port. Leave the other ports on the switch attached to VLAN 1 (usual default). Any time you want to administer the OpenWrt device, just plug into one of the other ports on your switch; you'll connect to the LAN interface on your OpenWrt device.
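As an added example (not code from the thread or from any of its posters), here is a script that emits the UCI batch for the two-NIC NUC layout described above: eth0 to the managed switch carrying VLAN 1 (management) and VLAN 2 (bump), USB NIC eth1 to the ISP. It assumes the legacy dotted eth0.N VLAN naming, placeholder rates, and the 10.10.123.1 management address from the original post; the bump bridge is given no IP at all, so the only path onto OpenWrt is VLAN 1.

```shell
#!/bin/sh
# Assumptions (not from the thread): eth0 = onboard NIC to the managed switch,
# eth1 = Realtek USB NIC to the ISP modem, legacy dotted eth0.N VLAN names.
MGMT_IP=10.10.123.1      # management address, reachable on VLAN 1 only
DOWN_KBIT=50000          # placeholder: ~90% of measured download, kbit/s
UP_KBIT=20000            # placeholder: ~90% of measured upload, kbit/s

# Print the uci batch. br-lan keeps a static IP on VLAN 1; the bump bridge
# (eth0.2 + eth1) has proto none, i.e. no address, so nothing upstream or
# downstream can reach OpenWrt through it, and the old wan DHCP client is
# dropped. Each leg gets one cake instance shaping egress only (download=0
# turns off the IFB ingress shaper): eth1 egress is upload, eth0.2 egress is
# the traffic heading toward the commercial router, i.e. download.
bump_uci_batch() {
  cat <<EOF
set network.lan.type='bridge'
set network.lan.ifname='eth0.1'
set network.lan.proto='static'
set network.lan.ipaddr='$MGMT_IP'
set network.lan.netmask='255.255.255.0'
delete network.wan
delete network.wan6
set network.bump=interface
set network.bump.type='bridge'
set network.bump.ifname='eth0.2 eth1'
set network.bump.proto='none'
set sqm.eth1=queue
set sqm.eth1.interface='eth1'
set sqm.eth1.enabled='1'
set sqm.eth1.qdisc='cake'
set sqm.eth1.script='piece_of_cake.qos'
set sqm.eth1.upload='$UP_KBIT'
set sqm.eth1.download='0'
set sqm.eth0_2=queue
set sqm.eth0_2.interface='eth0.2'
set sqm.eth0_2.enabled='1'
set sqm.eth0_2.qdisc='cake'
set sqm.eth0_2.script='piece_of_cake.qos'
set sqm.eth0_2.upload='$DOWN_KBIT'
set sqm.eth0_2.download='0'
commit network
commit sqm
EOF
}

# Apply on the OpenWrt box itself (needs uci and the sqm-scripts package).
apply_bump_config() {
  bump_uci_batch | uci batch && /etc/init.d/network restart && /etc/init.d/sqm restart
}
```

Run `bump_uci_batch` first to review the batch, then `apply_bump_config` from a console or an SSH session on VLAN 1, since the session on the old wan/lan addressing will drop when the network restarts.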

I highly recommend against buying this switch. It has several serious design flaws that make this unsuitable for these applications -- 2 in particular:

  • you cannot specify the management VLAN -- that means that any/all hosts that pass through this device can actually reach its management interface.
  • the device will take a DHCP lease from any VLAN (this is also relevant to the issue above). The result is that it can take the IP your ISP would issue to your own router. (in theory, setting a static IP on the switch can fix this particular issue)

The TL-SG1xxE switches are poorly designed (from a firmware perspective) and these things make them entirely unsuitable for use upstream of the firewall. They're also not good for any security-sensitive situations. (AFAIK, the Netgear entry-level switches have similar issues, too.)

It's true they're not the best. I've heard that the ZyXel equivalent doesn't have these flaws, so if that's available, use that.

If you have to get one and put it upstream of the firewall to partially counteract the flaws, give the switch a static IP, and use a strong random password (15 characters generated by a password keeper like keepassxc). I do those things by default for all my switches so I sometimes take those ideas for granted.

Thanks for that
I already have a Zyxel 8-port managed switch, so I will look at this.

Many thanks again